gboolean
auth_check_sender_role (GDBusMethodInvocation *invocation,
const gchar *role)
{
uid_t peer;
if (!daemon_get_sender_uid (daemon_get (), invocation, &peer))
return FALSE;
if (!auth_check_uid_role (invocation, peer, role))
return FALSE;
return TRUE;
}
static gboolean
account_auth_check (CockpitAccount *object,
GDBusMethodInvocation *invocation,
Account *acc)
{
uid_t peer;
if (!daemon_get_sender_uid (daemon_get (), invocation, &peer))
return FALSE;
if (acc->u && act_user_get_uid (acc->u) == peer)
return TRUE;
if (!auth_check_uid_role (invocation, peer, COCKPIT_ROLE_USER_ADMIN))
return FALSE;
return TRUE;
}
static void
user_removed (ActUserManager *um,
ActUser *user,
Accounts *accounts)
{
GDBusObjectManagerServer *object_manager_server = daemon_get_object_manager (daemon_get ());
Account *acc = g_hash_table_lookup (accounts->act_user_to_account, user);
if (acc)
{
account_update (acc, NULL);
g_dbus_object_manager_server_unexport (object_manager_server,
g_dbus_object_get_object_path (g_dbus_interface_get_object (G_DBUS_INTERFACE (acc))));
g_hash_table_remove (accounts->act_user_to_account, user);
}
}
static void
user_added (ActUserManager *um,
ActUser *user,
Accounts *accounts)
{
if (act_user_is_system_account (user))
return;
GDBusObjectManagerServer *object_manager_server = daemon_get_object_manager (daemon_get ());
CockpitAccount *acc = account_new ();
account_update (ACCOUNT (acc), user);
gs_free gchar *path =
utils_generate_object_path ("/com/redhat/Cockpit/Accounts",
cockpit_account_get_user_name (acc));
gs_unref_object CockpitObjectSkeleton *obj = cockpit_object_skeleton_new (path);
cockpit_object_skeleton_set_account (obj, acc);
g_dbus_object_manager_server_export_uniquely (object_manager_server,
G_DBUS_OBJECT_SKELETON (obj));
g_hash_table_insert (accounts->act_user_to_account, user, ACCOUNT(acc));
}
static gboolean
accounts_authorize_method (GDBusInterfaceSkeleton *interface,
GDBusMethodInvocation *invocation)
{
return daemon_authorize_method (daemon_get (), invocation);
}